package com.vipbbo.security.distributed.order.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author bbo(zbw)
 * Description 安全访问控制
 * @Date 2021/5/8
 */

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    //安全拦截机制

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //super.configure(http);
        http.csrf().disable()
                .authorizeRequests()
//                .antMatchers("/r/r1").hasAuthority("p1")  //这是基于web的授权可以屏蔽
//                .antMatchers("r/r2").hasAuthority("p2")   //这是基于web的授权可以屏蔽
                .antMatchers("/r/**").authenticated() // 所有/r/**请求必须认证通过
                .anyRequest().permitAll(); // 除了/r/**，其他的请求都可以访问
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }
}
